These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* (c) Anton Medvedev <[email protected]> |
||
3 | * |
||
4 | * For the full copyright and license information, please view the LICENSE |
||
5 | * file that was distributed with this source code. |
||
6 | */ |
||
7 | |||
8 | namespace Deployer; |
||
9 | |||
10 | 11 | desc('Make writable dirs'); |
|
11 | task('deploy:writable', function () { |
||
12 | 3 | $dirs = join(' ', get('writable_dirs')); |
|
13 | 3 | $mode = get('writable_mode'); |
|
14 | 3 | $sudo = get('writable_use_sudo') ? 'sudo' : ''; |
|
15 | 3 | $httpUser = get('http_user', false); |
|
16 | 3 | $runOpts = []; |
|
17 | 3 | if ($sudo) { |
|
18 | $runOpts['tty'] = get('writable_tty', false); |
||
19 | } |
||
20 | |||
21 | 3 | if (empty($dirs)) { |
|
22 | return; |
||
23 | } |
||
24 | |||
25 | 3 | if ($httpUser === false && ! in_array($mode, ['chgrp', 'chmod'], true)) { |
|
26 | // Attempt to detect http user in process list. |
||
27 | $httpUserCandidates = explode("\n", run("ps axo comm,user | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | sort | awk '{print $NF}' | uniq")); |
||
0 ignored issues
–
show
|
|||
28 | if (count($httpUserCandidates) === 1) { |
||
29 | $httpUser = $httpUserCandidates[0]; |
||
30 | } |
||
31 | |||
32 | if (empty($httpUser)) { |
||
33 | throw new \RuntimeException( |
||
34 | "Can't detect http user name.\n" . |
||
35 | "Please setup `http_user` config parameter." |
||
36 | ); |
||
37 | } |
||
38 | } |
||
39 | |||
40 | try { |
||
41 | 3 | cd('{{release_path}}'); |
|
42 | |||
43 | // Create directories if they don't exist |
||
44 | 3 | run("mkdir -p $dirs"); |
|
45 | |||
46 | 3 | $recursive = get('writable_recursive') ? '-R' : ''; |
|
47 | |||
48 | 3 | if ($mode === 'chown') { |
|
49 | // Change owner. |
||
50 | // -R operate on files and directories recursively |
||
51 | // -L traverse every symbolic link to a directory encountered |
||
52 | run("$sudo chown -L $recursive $httpUser $dirs", $runOpts); |
||
53 | 3 | } elseif ($mode === 'chgrp') { |
|
54 | // Change group ownership. |
||
55 | // -R operate on files and directories recursively |
||
56 | // -L if a command line argument is a symbolic link to a directory, traverse it |
||
57 | $httpGroup = get('http_group', false); |
||
58 | if ($httpGroup === false) { |
||
59 | throw new \RuntimeException("Please setup `http_group` config parameter."); |
||
60 | } |
||
61 | run("$sudo chgrp -H $recursive $httpGroup $dirs", $runOpts); |
||
62 | 3 | } elseif ($mode === 'chmod') { |
|
63 | // in chmod mode, defined `writable_chmod_recursive` has priority over common `writable_recursive` |
||
64 | if (is_bool(get('writable_chmod_recursive'))) { |
||
65 | $recursive = get('writable_chmod_recursive') ? '-R' : ''; |
||
66 | } |
||
67 | run("$sudo chmod $recursive {{writable_chmod_mode}} $dirs", $runOpts); |
||
68 | 3 | } elseif ($mode === 'acl') { |
|
69 | 3 | if (strpos(run("chmod 2>&1; true"), '+a') !== false) { |
|
70 | // Try OS-X specific setting of access-rights |
||
71 | |||
72 | run("$sudo chmod +a \"$httpUser allow delete,write,append,file_inherit,directory_inherit\" $dirs", $runOpts); |
||
73 | run("$sudo chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" $dirs", $runOpts); |
||
74 | 3 | } elseif (commandExist('setfacl')) { |
|
75 | 3 | if (!empty($sudo)) { |
|
76 | run("$sudo setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs", $runOpts); |
||
77 | run("$sudo setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs", $runOpts); |
||
78 | } else { |
||
79 | // When running without sudo, exception may be thrown |
||
80 | // if executing setfacl on files created by http user (in directory that has been setfacl before). |
||
81 | // These directories/files should be skipped. |
||
82 | // Now, we will check each directory for ACL and only setfacl for which has not been set before. |
||
83 | 3 | $writeableDirs = get('writable_dirs'); |
|
84 | 3 | foreach ($writeableDirs as $dir) { |
|
85 | // Check if ACL has been set or not |
||
86 | 3 | $hasfacl = run("getfacl -p $dir | grep \"^user:$httpUser:.*w\" | wc -l"); |
|
87 | // Set ACL for directory if it has not been set before |
||
88 | 3 | if (!$hasfacl) { |
|
89 | 3 | run("setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir"); |
|
90 | 3 | run("setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir"); |
|
91 | } |
||
92 | } |
||
93 | } |
||
94 | } else { |
||
95 | 3 | throw new \RuntimeException("Can't set writable dirs with ACL."); |
|
96 | } |
||
97 | } else { |
||
98 | 3 | throw new \RuntimeException("Unknown writable_mode `$mode`."); |
|
99 | } |
||
100 | } catch (\RuntimeException $e) { |
||
101 | $formatter = Deployer::get()->getHelper('formatter'); |
||
102 | |||
103 | $errorMessage = [ |
||
104 | "Unable to setup correct permissions for writable dirs. ", |
||
105 | "You need to configure sudo's sudoers files to not prompt for password,", |
||
106 | "or setup correct permissions manually. ", |
||
107 | ]; |
||
108 | write($formatter->formatBlock($errorMessage, 'error', true)); |
||
109 | |||
110 | throw $e; |
||
111 | } |
||
112 | }); |
||
113 |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.